Abstract

Individuals and organizations have their private data disseminated in social networks systems and other open systems. Thus, attackers can explore published data in their (passive) information gathering phase to strengthen their attack. In this talk we analyze the privacy problem underlying social networks and the value they have to attackers. We introduce new tools which amplify this open source intelligence available and help to assess the security posture in which they are put by publishing this information. These tools include a technique for combining the data found in several networks to provide a concise portrait of one individual (which can be used for client-side attacks), a technique for estimating the structure and relationships within a social network (which can be used for leveraging trust relationships), and a method for profiling an individual's vocabulary for later impersonating him.